SAP issued an update to correct an ActiveX flaw that plagues its graphical user interface (GUI). The flaw could be exploited by an attacker to gain access to sensitive data.
The SAP interface is used in the software vendor's enterprise resource planning applications.
The flaw was discovered by Carsten Eiram, a researcher with Danish vulnerability clearinghouse Secunia. In the
"Successful exploitation may allow execution of arbitrary code," Secunia said.
SAP issued an update correcting the flaw. Version 7.10 sets the kill-bit for the ActiveX control.
The Walldorf, Germany-based software vendor has corrected a number of ActiveX flaws in the past. SAP issued an update to its GUI in November, correcting an ActiveX flaw that could crash Internet Explorer if an attacker passed malicious code.